mirror of
				https://github.com/django/django.git
				synced 2025-10-25 14:46:09 +00:00 
			
		
		
		
	Fixed #16230 -- Correctly escape errors message passed to ErrorDict. Thanks, Gregor Müllegger.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16461 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
		| @@ -27,7 +27,7 @@ class ErrorDict(dict, StrAndUnicode): | ||||
|     def as_ul(self): | ||||
|         if not self: return u'' | ||||
|         return mark_safe(u'<ul class="errorlist">%s</ul>' | ||||
|                 % ''.join([u'<li>%s%s</li>' % (k, force_unicode(v)) | ||||
|                 % ''.join([u'<li>%s%s</li>' % (k, conditional_escape(force_unicode(v))) | ||||
|                     for k, v in self.items()])) | ||||
|  | ||||
|     def as_text(self): | ||||
|   | ||||
| @@ -55,3 +55,7 @@ class FormsUtilTestCase(TestCase): | ||||
|                          '<ul class="errorlist"><li>Example of link: <a href="http://www.example.com/">example</a></li></ul>') | ||||
|         self.assertEqual(str(ErrorList([mark_safe(example)])), | ||||
|                          '<ul class="errorlist"><li>Example of link: <a href="http://www.example.com/">example</a></li></ul>') | ||||
|         self.assertEqual(str(ErrorDict({'name': example})), | ||||
|                          '<ul class="errorlist"><li>nameExample of link: <a href="http://www.example.com/">example</a></li></ul>') | ||||
|         self.assertEqual(str(ErrorDict({'name': mark_safe(example)})), | ||||
|                          '<ul class="errorlist"><li>nameExample of link: <a href="http://www.example.com/">example</a></li></ul>') | ||||
|   | ||||
		Reference in New Issue
	
	Block a user